Last night something started to go wrong with the process and the wheels came off the wagon.

Here’s how I got them back on.

I am running the Premium (lifetime subscription) version of Malwarebytes. Some time ago they came out with a new 3.0 version release. I’ve been reading the reviews throughout the rollout and have waited to do the upgrade. Once nice feature is it now includes the full version of their awesome Anti-Exploit program at no cost to Premium subscribers; something I was using the limited/free version for but couldn’t protect my Chromium-based Vivaldi browser sessions with as the free version didn’t allow setting of custom protections.

As I said, all the bits had been running fine together although – to be fair – Malwarebytes does warn users of EMET during installation that it has compatibility issues and recommends removal of EMET. If disregarded, the installation will continue fine.

Thursday night, my Malwarebytes 2.0 version final got auto-triggered to offer me the eligible upgrade to the 3.0 version.

I said OK and let it install. Installation seemed to go fine. No errors.

However last night, I went to launch Microsoft Excel and EMET went crazy and blocked it from running due to a perceived exploit. That hasn’t ever happened before and I was very confident my system hadn’t been actually exploited. I tried both Excel 2007 and 2010 versions that I have and both got the same reaction by EMET. I then tried Word and it also caused EMET alerts and binary blockage. Hmm.

Well, maybe something in the new Malwarebytes 3.0 was causing a compatibility issue with EMET finally.

So I went to uninstall EMET. Only I had two versions.

Not sure how that happened. EMET 5.52 was supposed to allow for in-place upgrade of EMET over a prior version. Didn’t recall getting an error before.

So I went to uninstall EMET 5.5 and got this:

Same result trying to uninstall EMET 5.52

I tried repairs, changes, etc. to both EMET applications. I still had the original MSI installers for them both but even re-downloaded them from Microsoft. None seemed successful. Note the dates in the “Installed On” column were yesterday’s so something in the processes I did worked, but it wouldn’t let me uninstall them; continuing to present that same “error code is 2738” message.

Since using Excel/Word were critical last night, I worked around the problem up removing all the EMET setting protections for the Microsoft Office suite application binaries. That let me run them without being blocked.

I figured that would be enough, but this afternoon I went to open a PDF with Adobe Reader – and EMET blocked it too from launching due to some kind of perceived exploit.

EMET had to finally go and I had to punch through that error code.

I ended up in a Microsoft forum where others with previous versions of EMET had encountered the same error but it seemed on installations – not uninstall activity.

All the rest were under HKEY_CLASSES_ROOT, HKEY_LOCAL_MACHINE, or HKEY_USERS.

I exported the registry key first (just in case) then I deleted it.

I then opened up CMD (under an elevated Administrator session) and ran the following commands (note my system is a Windows 7 Home x64 OS):

cd %windir%\syswow64<enter>

regsvr32 vbscript.dll <enter>

I then went back and attempted to remove EMET 5.5 and it uninstalled with no more error 2738 codes.

I then followed by removing EMET 5.52 and it came off just fine as well with no errors.

I wrapped things up by re-applying my default CryptoPrevent and MalwareBytes protections states again.

Done.

Again, the trick was to remove the Registry entry just under the HKCU location where it was found present, then re-register the vbscript.dll component properly.

Later while preparing for this post I did find this EMET-related forum post that basically walks one through the same steps for an earlier version of EMET on a x32 bit based version of Windows 7. If you try to follow that and have an x64 bit version of Windows, you will need to adjust accordingly.

The key to understanding why this works (and where the problem lies is explained nicely in Heath’s above post:

As somepeople have found, re-registering the runtime libraries vbscript.dll and jscript.dll will fix the errors, but that isn’t always the solution.

As a security measure, Windows Installer will not load script engines registered in HKEY_CURRENT_USER. As a user-writable store, a normal user could get an elevated install to run their library masking as a script engine if the custom action was not explicitly attributed with msidbCustomActionTypeNoImpersonate (0x0800). This is an elevation of privileges attack; thus, Windows Installer returns error message 2738 or 2739 for custom actions type 6 and type 5, respectively, and returns Windows error 1603, ERROR_INSTALL_FAILURE.

Because – somehow – vbscript.dll did get itself registered under my HKEY_CURRENT_USER location, the EMET MSI uninstaller script could not execute. Only by pulling it out, then re-registering it in the correct location automatically, would the removal process complete.

I only removed EMET from this particular system as it exhibited the crazy mitigation interceptions for Microsoft Office immediately after upgrading to MalwareBytes 3.0 Premium.

On my other Windows 7 Ultimate system, I am still running EMET (5.52 only) along with the protections noted in the top of this post. The only difference is that I’m using the free version of Malwarebytes 2.0 on it (without real-time protections). So until an issue appears, I’m keeping EMET on that system.

Lavie still is running Windows 8.1 on her laptop with a similar configuration. Lesson learned is that I will first remove EMET before upgrading her MBAM Premium version from 2.0 to 3.0.

Friday, September 30, 2016

We continue to use an older version (EasyWorship 2009) of EasyWorship for our church service projection screen management.

We’ve tried the newer EasyWorship 6 release – and it does have a lot of very attractive features – however the process and projection flow just doesn’t fit us as well as the older EasyWorship 2009 layout.

Anyway…EasyWorship has a plug-in like feature that allows you to sign into the SongSelect service with your associated account and easily import song lyrics directly into your EasyWorship song database.

Recently SongSelect updated their website design and it created several problems within the EasyWorship 2009 program.

First, the SongSelect webpage was “broken” in rendering within EasyWorship 2009

It may be hard to see but that banner area is all whacked out and the Sign In link didn’t work well at all.

Secondly, one could go to the SongSelect Classic page using the offered URL in that broken banner area and log in,

However while you could then log in normally, when we went to try to import song lyrics the “Import” button remained grayed out while using this “classic” login method.

Our workaround was to download the lyric as a text file, then copy/paste it into a new song record in the database. This was less than ideal as you missed out a lot of the “meta-data” for the song item and had to manually put all that in as well.

I did some searching and found this helpful fix in the EasyWorship support forums.

Basically, you download an IE Fix patch from them for your Windows OS version and run it. It unpacks the EXE file to a temporary location, executes a batch file, and then applies a REG key fix to your Windows Registry to fix the issue.

In case you are curious, the fix just applies one of these registry tweaks depending on your OS (32 or 64 bit).

One of the features it comes with is the ability to play music off a USB stick..

So he grabbed a very nice Lexar brand USB 3.0 64 GB USB stick while at a local office-supply store and copied his music files to it.

Unfortunately it didn’t play. His old USB 2.0 1 GB stick worked fine in the vehicle.

He thought it might be a bad stick (or that the sound system didn’t support USB 3.0) and was getting ready to return it to the store but I asked him a few questions.

First he confirmed it was NTFS formatted. That’s pretty common on many newer USB 3.0 sticks I’ve seen lately. I suggested he might want to try formatting at FAT32.

Note: Per the 2017 Toyota Camry Owners Manual (page 272) this requirement was later confirmed: file system format needed to be FAT 16/32. Other important points are that the USB device can only have 8 levels of folder heirachy, a maximum of 3000 folders, a maximum of 9999 files, and a maximum of 255 files per folder. Files must be in MP3, WMA, or AAC format.

The next problem was that his Windows 10 system would only offer to format the device in exFAT.

So I had him go CMDo and run DISKPART.

DISKPART>list disk

DISKPART>select disk # <—picked # that represented USB stick on his system

DISKPART>clean

DISKPART>create partition primary

DISKPART>active

DISKPART>assign letter = E

DISKPART>format fs=fat32

DISKPART>exit

Only that netted him an error during the formatting process that the volume was too big.

Then I remembered a GUI utility from Ridgecrop Consultants Ltd that I used a long time ago.

Monday, September 05, 2016

Last night I was culling my collection of Windows key-finding utilities. There were some that had gone “404” and others that didn’t seem stable (or effectively work at all) on newer Windows 7/10 systems.

Many were collected back in the days of Windows XP so I decided to pick through them and dump the oldest ones and add some new ones.

This morning I saw that the TinyApps.org bloggist was hard at work on his own list!

About a month ago I was asked by a family at the church-house if I could give them some advice about their son’s two-year-old Lenovo Y50 laptop.

Apparently the hard-drive had failed and time was short before he headed off to college out of state.

They had purchased a new 1 TB Western Digital laptop drive similar to the one in it but despite good effort had been unable to get Windows 10 reloaded on the device. They suspected more was wrong with the system and wanted to confirm before picking up a new laptop before he shipped out. Basically, they said the BIOS detected the HDD but they could not get Windows 10 reloaded on the laptop.

I asked them to let me look at the system along with the bits and pieces and then I would let them know.

So, armed with my various troubleshooting tool kits and USB sticks I sat down in our sound-booth with it and ran a quick assessment.

I’m more of a Dell-guy and hadn’t had much experience with the Lenovo line. As such, getting into the BIOS took a bit of research.

It worked perfectly. That confirmed the laptop recognized the drive while running under a Windows OS and it was working as expected. Now I needed to get the Win 10 OS loaded on the hard drive.

I shut it down and rebooted it again with the NOVO button. I went back in to the boot options tab and set it back to UEFI, saved the changes and rebooted.

This time I had swapped USB sticks and now used a Windows 10 Installation Media USB that I had previously built when I was working on my own laptops a while back.

The Win 10 lnstaller loaded and the setup wizard started.

Only I had forgotten that the HDD was still configured as MBR with my pre-testing.

Win 10 and UEFI BIOS support enabled didn’t like each other and the wizard refused to continue with the installation. So at that point in the installation options I had to just delete the MBR partition I had made so Win 10 could automagically create the partition again as a GPT type which it required.

It did and then the rest was just watching Win 10 install, reboot a few times, creating a local user account, and dumping on the OS updates.

Because it had Win 10 on before, it automatically loaded the license key from BIOS storage and activated Win 10 once fully installed and after I connected it to the Internet.

Done. The Y50 was a sharp looking (and running) laptop and I was impressed during my short service time with it.

Note: I had planned on looking at the failed hard-drive to see if any data could be recovered and ported back over onto the new drive, but they said that wasn’t needed and would just go with a fresh-start. I left it to them to follow up with any remaining software application reinstalls as well.

I didn’t kick off the new Win 10 "Anniversary Edition" build update release since this was to be just a short “assessment” service but told them that it should eventually auto update in a week or so. I also let them know they could force it on early by heading over to this Microsoft site page and following the instructions.

We laughed and then hunkered down when a ferocious storm blew through dumping rain by the bucketfuls, tossing lighting, drumming up thunder. And killing the power for about 30 minutes.

It was perfect!

Along the way I couldn’t help but be a dad and do some fixing of Alvis’s laptop.

See about a week or two prior, her husband had been using it when suddenly it died right in the middle of some work.

Alvis tried some pretty good troubleshooting but couldn’t make headway. It seemed to sort-of boot but would just display a black screen and power off.

To make matters more challenging, the kids reported that Microsoft had foisted a stealty/scammy Windows 10 upgrade on them. It was running Windows 7 just fine, but did a Windows 10 upgrade they didn’t ask for or want anyway. Classy.

However, they were good sports and adjusted. It seemed the Windows 10 upgrade went ok and the laptop survived the experience intact.

Was it a Windows 10 upgrade black-screen problem related to the upgrade? Was it a bad system board or power-source issue? Bad display? That snoodle can get rough at times though I didn’t see any teeth-marks on the lid.

In the worst case scenario, I was prepared to do a data-recovery and then port Alvis’s files onto her external USB drive so she could still work with her data on another laptop if her’s was dead.

I made sure the device was on the AC power cord and tried to boot it with a bootable USB stick first. Nothing.

I removed the stick and tried a power cycle again.

Miraculously, it sprang to life this time – for a moment. Enough to partially display a Windows 10 boot loading routine and for me to see an exasperated and amazed look on Alvis’s face that it was working for me – before the screen went black again and nothing.

Hmmm.

I pulled the battery out of the laptop and removed the AC cord plug.

I pulled a Leatherman Micra multitool out of my pocket and removed the bottom laptop access cover.

Alvis said she had started to do that earlier but stopped since she was afraid she would loose the tiny screws.

I was proud she had considered that (exploring under the access cover) and explained that the lid screws were “captive” and probably wouldn’t come out – though I did keep my eye closely on the schnoodle.

I pulled out the single DIMM of RAM, then firmly reseated it and clipped it back in.

The access cover was snapped back in place and screwed down, the battery returned to the bay, and the A/C power connected.

It booted right up normally and ran like nothing had happened. Fixed just like that.

After offering to roll her laptop back to Windows 7 (declined by Alvis) she did say that the thing that frustrated them them most was the “new” Start button and menu.

I downloaded and installed Classic Shell and after a bit of tweaking had the Windows 10 start menu tamed into a format Alvis was familiar with again.

Mischief managed – for now!

A right-perfect Father’s Day and I was still able to be handy and useful.

Thank you Alvis!

You are the best daugher a father could ever hope to have. I’m so proud of you.

Alister is my hot-rod racer – it’s a hand-me-down Dell XPS L702X laptop also running an i7 core, one 250 GB SSD drive (system/boot) and a 2nd 500 GB HDD in the 2nd bay. It has 16 GB of system RAM.

So here is my quandary.

I really, really love the boot speed and performance of the Samsung SSD 840 EVO 250 GB SSD drive. Once you go SSD it’s very difficult to consider a traditional spinning platter HHD.

However the prices for larger storage capacity on a SSD are still pretty high.

I’ve almost filled up the 250 GB SSD in Alister. Luckily I’ve been able to migrate more files and apps to the 2nd HDD drive and am fine for now.

For Tatiana, all those music and video files, utilities and applicaiton installs are taking their toll and the 500 GB drive in it is almost filled up too. And unfortunately, I don’t have a 2nd drive bay space on that laptop.

My gut tells me I will do better in the long run if I pick up some nice 1TB traditional HDD’s for both laptops.

If I go with a speedy 7200 RPM drive with a big and fast cache I would still come out ok. I could easily pick up 2-3 of those drives for less than the price of a single 500GB SSD drive (when I honestly want a 1TB SSD size). Though I could probably find a budget SSD drive, I’m spoiled with the Samsung EVO line right now and it would be hard to walk away from.

Thoughts?

Any recommendations for a solid, fast, and dependable 1TB or larger 2.5 inch internal HDD for a laptop?

If I rolled Alister back to a 1 TB HDD for the system drive, I’d likely pass the SSD drive in it now over to Lavie and upgrade her older Dell laptop with it. She doesn’t need near the storage space and the faster boots would make her happy. It would be an easy-peasy performance upgrade for her system.

Credits

Why this? It is the simple blog of a Last Exile fan and is intended to express the enjoyment we derive from studio Gonzo's production. Although we closely relate with those characters, we aren't them in real life. We just want to keep the memory of these incredible young kids alive. So go buy Gonzo's Last Exile DVD's!